Re: Virus alert

Subject: Re: Virus alert
From: Evan Lavelle (eml@riverside-machines.com)
Date: Tue Dec 04 2001 - 05:22:09 PST

• Next message: Stephen Bailey: "Working Group Roster for IEEE VHDL 2002 LRM"
• Previous message: Paul J. Menchini: "Re: Virus alert"
• In reply to: Paul J. Menchini: "Re: Virus alert"
• Reply: Evan Lavelle: "Re: Virus alert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Paul J. Menchini" wrote:
>
> Evan,
>
> > Alex Z appears to have contracted a virus which is replying to mails
> > on this list. If you get a mail which appears to be from him, and
> > which is in reply to a previous thread here, then it probably has a
> > virus attached. See:
>
> > http://www.sophos.com/virusinfo/analyses/w32badtransb.html
>
> I'm immune, and to my knowledge haven't received one. If there are
> multiple instances, please let me know. I'll temporarily block him from
> eda.org and ask him to disinfect himself. Which email address(es)
> is/are he posting from?
>
> Thanks,
>
> Paul

I've only had one, and I haven't heard from anyone else who
received one. If you receive it, you either have to be
running Microsoft Outlook Express, or you must manually run
the attachment, to be infected. The attachment isn't even
visible in Netscape - I only spotted it because I was
intrigued to receive an apparently empty message and looked
at the message source. The message contained an encoded
attachment with a specific name (which I won't repeat here
for decency's sake!). A quick look on the web for the
attachment name identifies the virus.

The virus auto-replies to emails on your machine, so it uses
the 'To' and 'Subject' fields to generate a message: in my
case, the message was from "Alex Zamfirescu
<hxml@pacbell.net>", with a subject line of "Re: Setting the
Context for VHDL 200x". This basically means that you have
to block all Alex's mail addresses if you're going to block
any. However, I'm intrigued that nothing's turned up on the
reflector - does the reflector scan for viruses?

BTW, congrats on your SA election - not quite sure what a
'Member at Large' is, but it sounds good :)

Evan
__________________________________________________________
 E.M. Lavelle
 Riverside Machines Ltd.
 Milfield tel: (+44) 1362 853008
 Quebec Road fax: (+44) 1362 853956
 Dereham, Norfolk NR19 2DR mobile: (+44) 7850 002425
 UK mailto:eml@riverside-machines.com
__________________________________________________________

• Next message: Stephen Bailey: "Working Group Roster for IEEE VHDL 2002 LRM"
• Previous message: Paul J. Menchini: "Re: Virus alert"
• In reply to: Paul J. Menchini: "Re: Virus alert"
• Reply: Evan Lavelle: "Re: Virus alert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b28 : Tue Dec 04 2001 - 06:19:01 PST